This is better, but I didn't have any issues with the CVE notation you
had in the v1 of the patch.

Both the explicit CVE mentions and the changelog should be in the patch.

And a 3rd element should be to mention which versions are impacted by
the CVEs, so I can check that the version in master is safe (or you
can indicate that in your patch: "version <x> master is not impacted
by these CVEs").

Bruce

On Mon, Oct 23, 2023 at 7:55 AM Soumya via lists.yoctoproject.org
<soumya.sambu=windriver....@lists.yoctoproject.org> wrote:
>
> From: Soumya Sambu <soumya.sa...@windriver.com>
>
> Bumping kubernetes to version v1.27.5, which comprises the following commits:
>
>     38c97fa67ed Merge pull request #120135 from 
> ritazh/cherry-pick-cve-2023-3955-1.27
>     89048339422 Merge pull request #120130 from 
> ritazh/cherry-pick-cve-2023-3676-1.27
>     acc29048e6d Use environment varaibles for parameters in Powershell
>     172644fb55d Use env varaibles for passing path
>     00dfa0634be Merge pull request #119868 from 
> liggitt/automated-cherry-pick-of-#119835-upstream-release-1.27
>     3b6bcaa0b96 Avoid returning nil responseKind in v1beta1 aggregated 
> discovery
>     bd722aa3ff5 Merge pull request #119828 from jeremyrickard/go1207-1.27
>     94b3e00eef0 [release-1.27] releng/go: Bump images, versions and deps to 
> use Go 1.20.7
>     de56018f04a Merge pull request #117269 from 
> tnqn/automated-cherry-pick-of-#117245-#117249-upstream-release-1.27
>     521580378aa Merge pull request #119363 from 
> jsafrane/automated-cherry-pick-of-#117804-upstream-release-1.27
>     d35a1c8a7a7 Merge pull request #119620 from 
> liggitt/automated-cherry-pick-of-#117710-upstream-release-1.27
>     579208d9616 Merge pull request #117486 from 
> TommyStarK/automated-cherry-pick-of-#117449-upstream-release-1.27
>     2ac615ccde3 Merge pull request #117235 from 
> cvvz/automated-cherry-pick-of-#116134-origin-release-1.27
>     559f43d49c6 Merge pull request #119466 from 
> mimowo/automated-cherry-pick-of-#119434-upstream-release-1.27
>     382c283f339 Merge pull request #119113 from 
> champtar/automated-cherry-pick-of-#118922-upstream-release-1.27
>     05b64c6b5e1 Merge pull request #119604 from 
> a7i/automated-cherry-pick-of-#118549-upstream-release-1.27
>     ecd45047e45 Merge pull request #119572 from 
> andrewsykim/automated-cherry-pick-of-#118601-origin-release-1.27
>     927dba2589a e2e_node: move getSampleDevicePluginPod to 
> device_plugin_test.go
>     db832fdfa67 fix 'pod' in kubelet prober metrics
>     4c67c5d5e76 priority & fairness: support dynamically configuring work 
> estimator max seats
>     6d31f4b31ba Merge pull request #119519 from 
> jingxu97/automated-cherry-pick-of-#118451-upstream-release-1.27
>     17c98720e84 Add mininumKubelet tag into ReadWriteOncePod test
>     ed0cdc9e0b2 Include ignored pods when computing backoff delay for Job pod 
> failures
>     ae24a5cf74b Remarks
>     9e1050b4d90 Adjust the algorithm for computing the pod finish time
>     fa950050cc9 Update CHANGELOG/CHANGELOG-1.27.md for v1.27.4
>     fa3d7990104 Release commit for Kubernetes v1.27.4
>     d794e0e5cf8 Merge pull request #119366 from xmudrii/go1206-1.27
>     a1b127ca7a1 [release-1.27] releng/go: Bump images, versions and deps to 
> use Go 1.20.6
>     aefc4d0392a Rename updateReconstructedFromAPIServer
>     eeba02fc625 Rename volumesNeedDevicePath
>     5eb3b748e8e Update volumesInUse after attachability is confirmed
>     f8bb161ab55 Add uncertain state of volume attach-ability
>     08b7937d256 Refactor FindAttachablePluginBySpec out of CSI code path
>     16fc1c954ce Merge pull request #119262 from 
> HirazawaUi/automated-cherry-pick-of-#119229-upstream-release-1.27
>     3ca3e0ad484 Merge pull request #118947 from 
> Evan-Reilly/automated-cherry-pick-of-#118237-upstream-release-1.27
>     5ee5d7346e1 Merge pull request #119096 from 
> aleksandra-malinowska/automated-cherry-pick-of-#117865-upstream-release-1.27
>     1484a5c32f0 Fix the converts an empty string to nil.
>     b5c876a05b7 Merge pull request #117226 from 
> princepereira/automated-cherry-pick-of-#116749-upstream-release-1.27
>     d98c5b8a026 Merge pull request #119160 from 
> alculquicondor/automated-cherry-pick-of-#119159-upstream-release-1.27
>     28c79be6747 Add unit tests for parallel StatefulSet create & delete
>     66f980be120 Parallel StatefulSet pod create & delete
>     288504fbf8d Refactor StatefulSet controller update logic
>     92a0f58e2bf Only declare job as finished after removing all finalizers
>     c655001fa48 Automated cherry pick of #118716 upstream release 1.27 
> (#118911)
>     052ac3eb1bf Merge pull request #119065 from 
> xmudrii/automated-cherry-pick-of-#118899-upstream-release-1.27
>     b667da8e08a Merge pull request #118683 from 
> serathius/automated-cherry-pick-of-#118460-origin-release-1.27
>     f8c1cc33cb6 Merge pull request #119139 from kmala/1.27
>     5bbacb11989 Merge pull request #118290 from 
> HirazawaUi/automated-cherry-pick-of-#118177-upstream-release-1.27
>     b383755e462 Hide numberOfMissedSchedules as an algorithm internal number
>     26db84e04c7 Update schedule logic to properly calculate missed schedules
>     fe4e288bcdd Merge pull request #118855 from 
> aojea/automated-cherry-pick-of-#118686-upstream-release-1.27
>     a54590f218d Merge pull request #117936 from 
> jsafrane/automated-cherry-pick-of-#117243-upstream-release-1.27
>     ad569aec159 kubeadm: backdate generated CAs by 5 minutes
>     0fc5c972129 client-go: allow to set NotBefore in NewSelfSignedCACert()
>     0ed276fb568 Merge pull request #118199 from 
> aleskandro/automated-cherry-pick-of-#118053-origin-release-1.27
>     04e86095d38 Merge pull request #118930 from 
> atiratree/automated-cherry-pick-of-#118876-upstream-release-1.27
>     3c115eec0b9 Automated cherry pick of #118805: test comment should match 
> the code in podgc (#118913)
>     db247e1df34 Merge pull request #118969 from 
> champtar/automated-cherry-pick-of-#117791-upstream-release-1.27
>     55872a8eb12 Merge pull request #119086 from 
> neolit123/automated-cherry-pick-of-#118150-origin-release-1.27
>     39a4cd1a083 call ./hack/update-vendor.sh
>     33af2a45f53 kubeadm: remove function pointer comparison in phase test
>     3f4643682e3 CHANGELOG-1.27: Add note for AWS in-tree provider removal
>     703edddae4e Updating the nodeAffinity of gated pods having nil affinity 
> should be allowed
>     3b874af3878 Merge pull request #118662 from 
> mkowalski/automated-cherry-pick-of-#118329-upstream-release-1.27
>     d936e6669bb Merge pull request #118841 from 
> bobbypage/automated-cherry-pick-of-#118497-upstream-release-1.27
>     3aa21cec0ec fix the existing problem (0 SerialNumber in all certificate) 
> as part of this PR in a separate commit
>     cd08820ba9a update serial number to a valid non-zero number in ca 
> certificate
>     5253d8e02c7 Merge pull request #118664 from 
> pohly/automated-cherry-pick-of-#118524-origin-release-1.27
>     76b9400cea3 Merge pull request #118283 from 
> pohly/automated-cherry-pick-of-#118257-origin-release-1.27
>     1260b845752 Delete CRDs created during field validation tests.
>     f689046fb6b kubectl explain should work for both cluster and namespace 
> resources and without a GET method
>     f7d82bfdffe Merge pull request #118797 from harche/1.27_cadvisor_bump
>     59cd1d0b3bb always execute condition for wait.PollUntilContextTimeout 
> with immediate=true
>     5423fffca9d Review remarks to improve HandlePodCleanups in kubelet
>     24c67c15240 Fix the deletion of rejected pods
>     0539a6a194a Merge pull request #118821 from 
> helayoty/automated-cherry-pick-of-#118049-upstream-release-1.27
>     62cf5ee1cdb Unset gated pod info timestamp in addToActiveQ
>     027b4632bbb deps: Bump to cAdvisor v0.47.2
>     ea2af58b5bd Make etcd component status consistent with health probes
>     f2548642c4e e2e storage: terminate worker quietly on test completion
>     9a001cea215 Fix flaky persistent volumes e2e test
>     eb5825b3a3c Set the node-ips annotation correctly with 
> CloudDualStackNodeIPs
>     a2ba2626e85 Update CHANGELOG/CHANGELOG-1.27.md for v1.27.3
>     25b4e43193b Release commit for Kubernetes v1.27.3
>     aae883e5fa7 Merge pull request #118553 from puerco/bump-1.27-go1.20.5
>     e13e5915a78 Merge pull request #118307 from 
> SataQiu/automated-cherry-pick-of-#117169-upstream-release-1.27
>     e0a2a6efdd1 update-vendor: update vendored go.sums
>     82b2c5aefa3 releng/go: Update images, dependencies and version to Go 
> 1.20.5
>     e2cc1a3b21b Merge pull request #118515 from 
> aojea/automated-cherry-pick-of-#118499-upstream-release-1.27
>     3a77d5a59f0 Merge pull request #118471 from 
> ritazh/automated-cherry-pick-of-#118356-upstream-release-1.27
>     b30e94b1253 kube-proxy avoid race condition using LocalModeNodeCIDR
>     5e00018fccf Merge pull request #117948 from 
> dlipovetsky/automated-cherry-pick-of-#117792-#117724-upstream-release-1.27
>     76f14499624 Merge pull request #118281 from 
> aojea/automated-cherry-pick-of-#118256-upstream-release-1.27
>     d59b91d97b4 Add ephemeralcontainer to imagepolicy securityaccount 
> admission plugin
>     d71d96a5d24 Merge pull request #118219 from 
> mimowo/automated-cherry-pick-of-#117586-upstream-release-1.27
>     c48bdec2ced Merge pull request #118279 from 
> aojea/automated-cherry-pick-of-#118200-upstream-release-1.27
>     c345ce91a03 supported version of etcd 3.5.7-0 for Kubernetes v1.27.0-rc.0
>     22e8a99ec6e Fix the git-repo test error caused by the correct use of loop 
> variables
>     009a7a6fb9f dra scheduler plugin test: fix loopvar bug and "reserve" 
> expected data
>     7888798873e e2e framework retry on Service unavailable errors
>     f41a169a354 e2e: apply timeout for CSI Storage Capacity test only to node
>     916bc55a7bf Merge pull request #118178 from 
> HirazawaUi/automated-cherry-pick-of-#118156-upstream-release-1.27
>     e407c2b4b02 Add DisruptionTarget condition when preempting for critical 
> pod
>     d2bd738e274 update webhook test to go 1.21
>     4025005877a Merge pull request #118105 from 
> SataQiu/automated-cherry-pick-of-#118069-upstream-release-1.27
>     af024b2a086 Merge pull request #118111 from 
> liggitt/automated-cherry-pick-of-#118104-upstream-release-1.27
>     9107eee6583 Test APIService safe handling at startup
>     0bff4e35669 Fix waiting for CRD sync at server start
>     1ae728f4344 kubeadm: fix a bug where the static pod changes detection 
> logic is inconsistent with kubelet
>     f404d1c4d3c Update CHANGELOG/CHANGELOG-1.27.md for v1.27.2
>     7f6f68fdabc Release commit for Kubernetes v1.27.2
>
> Signed-off-by: Soumya Sambu <soumya.sa...@windriver.com>
> ---
>  recipes-containers/kubernetes/kubernetes_git.bb | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-containers/kubernetes/kubernetes_git.bb 
> b/recipes-containers/kubernetes/kubernetes_git.bb
> index 3a6e7119..560fd8b7 100644
> --- a/recipes-containers/kubernetes/kubernetes_git.bb
> +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> @@ -5,8 +5,8 @@ applications across multiple hosts, providing basic 
> mechanisms for deployment, \
>  maintenance, and scaling of applications. \
>  "
>
> -PV = "v1.27.1+git${SRCREV_kubernetes}"
> -SRCREV_kubernetes = "2555e0f90e80a13628f47eca5cde34decc89babb"
> +PV = "v1.27.5+git${SRCREV_kubernetes}"
> +SRCREV_kubernetes = "93e0d7146fb9c3e9f68aa41b2b4265b2fcdb0a4c"
>  SRCREV_kubernetes-release = "21382abdbfa8e6a43fd417306fa649cb651cc06e"
>  PE = "1"
>
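Review bot: The new SRCREV_kubernetes value (93e0d7146fb9...) on the second "+" line cannot be matched to anything in the commit message. The listed commits start at 38c97fa67ed, and the list carries release commits for v1.27.2, v1.27.3 and v1.27.4 but none for v1.27.5. Please state in the commit message that this hash is the v1.27.5 release tag, so the PV string and the pinned revision can be checked against each other. The shortlog only hints at the security fixes through the branch names cherry-pick-cve-2023-3955-1.27 and cherry-pick-cve-2023-3676-1.27, so explicit CVE lines plus the affected version range would let the bump be tracked as a fix. SRCREV_kubernetes-release stays at 21382abdbfa8... in the context line below; a one-line note confirming that this is intentional for the 1.27.5 bump would help.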
> --
> 2.40.0
>
>
> 
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II